Brian Ryner <[EMAIL PROTECTED]> writes:
> If I try to connect to a server running ssh-2.0.13 using lsh-0.1.3, I get
> the following error:
>
> Unexpected KEXINIT or NEWKEYS message!
> Connection died.
ssh-2.0.x does not conform to the protocol spec. lsh may contain bugs
that makes it not conform to the spec either. lsh also contains
workarounds for the most know bugs in ssh-2, so that it can
interoperate.
If you have the time to investigate the interoperability, that would
be a really good thing (I don't have ssh2 installed, and I prefer not
to look too closely at its sourcecode).
A first step to track this down is to run lsh with the -v or even the
--debug flag.
> and in the ssh server log:
>
> Jul 8 16:44:54 hh-terrance sshd2[21263]: connection from "127.0.0.1"
> Jul 8 16:44:55 hh-terrance sshd2[21267]: Remote host disconnected:
> Invalid server signature^M
> Jul 8 16:44:55 hh-terrance sshd2[21267]: Key exchange failed: 'Invalid
> server signature^M '
>
> (in this example the server and client were both on the same machine).
ssh2 uses a different format for dss signatures than the one specified
in the latest draft (or with the different format in the draft before
that, for that matter). Either the workaround in lsh is not used, for
some reason, or it doesn't implements the ssh2 format properly.
On the lsh file, the place to start look is probably the
do_dsa_verify_kludge() function in src/dsa.c.
As far as I know, the format used by ssh2 is a bytestring of even
length, where the first half represents r and the second half s, as
unsigned numbers in network byte order.
Looking at the code, it seems that lsh expects this "signature blob"
to also include a length field. Perhaps that is the problem?
If you can't figure out how to fix this yourself, please send me the
--debug output from lsh.
Regards,
/Niels
